Ubuntu 20.04 LTS USN-7256-1 critical: Ruby denial of service

February 6, 2025
Numerous security flaws in Ruby have been resolved in Ubuntu 20.04 LTS through this advisory update, enhancing system protection.

Summary

Several security issues were fixed in Ruby.

Software Description:

- ruby2.7: Object-oriented scripting language

Details:

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libruby2.7                      2.7.0-5ubuntu1.16
  ruby2.7                         2.7.0-5ubuntu1.16

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7256-1

CVE-2024-39908, CVE-2024-43398

Severity
critical

Ubuntu Security Notice USN-7256-1
